AWS Certified Developer – Associate — Question 193
A developer has written an application that runs on Amazon EC2 instances. The developer is adding functionality for the application to write objects to an Amazon S3 bucket.
Which policy must the developer modify to allow the instances to write these objects?
Answer options
- A. The IAM policy that is attached to the EC2 instance profile role.
- B. The session policy that is applied to the EC2 instance role session.
- C. The AWS Key Management Service (AWS KMS) key policy that is attached to the EC2 instance profile role.
- D. The Amazon VPC endpoint policy.
Correct answer: A
Explanation
The correct answer is A because the IAM policy attached to the EC2 instance profile role governs the permissions that the EC2 instances have, including the ability to write to an S3 bucket. Option B is incorrect because session policies do not grant permissions; they only limit them. Option C is not relevant because KMS key policies relate to encryption and do not directly control S3 access. Option D is not applicable because VPC endpoint policies control access to services from within a VPC; they do not grant permissions for S3 access.